#!/usr/bin/env python """ BFD tests """ from __future__ import division import binascii import hashlib import time import unittest from random import randint, shuffle, getrandbits from socket import AF_INET, AF_INET6, inet_ntop from struct import pack, unpack from six import moves import scapy.compat from scapy.layers.inet import UDP, IP from scapy.layers.inet6 import IPv6 from scapy.layers.l2 import Ether from scapy.packet import Raw from bfd import VppBFDAuthKey, BFD, BFDAuthType, VppBFDUDPSession, \ BFDDiagCode, BFDState, BFD_vpp_echo from framework import VppTestCase, VppTestRunner, running_extended_tests from util import ppp from vpp_ip import DpoProto from vpp_ip_route import VppIpRoute, VppRoutePath from vpp_lo_interface import VppLoInterface from vpp_papi_provider import UnexpectedApiReturnValueError from vpp_pg_interface import CaptureTimeoutError, is_ipv6_misc USEC_IN_SEC = 1000000 class AuthKeyFactory(object): """Factory class for creating auth keys with unique conf key ID""" def __init__(self): self._conf_key_ids = {} def create_random_key(self, test, auth_type=BFDAuthType.keyed_sha1): """ create a random key with unique conf key id """ conf_key_id = randint(0, 0xFFFFFFFF) while conf_key_id in self._conf_key_ids: conf_key_id = randint(0, 0xFFFFFFFF) self._conf_key_ids[conf_key_id] = 1 key = scapy.compat.raw( bytearray([randint(0, 255) for _ in range(randint(1, 20))])) return VppBFDAuthKey(test=test, auth_type=auth_type, conf_key_id=conf_key_id, key=key) @unittest.skipUnless(running_extended_tests, "part of extended tests") class BFDAPITestCase(VppTestCase): """Bidirectional Forwarding Detection (BFD) - API""" pg0 = None pg1 = None @classmethod def setUpClass(cls): super(BFDAPITestCase, cls).setUpClass() cls.vapi.cli("set log class bfd level debug") try: cls.create_pg_interfaces(range(2)) for i in cls.pg_interfaces: i.config_ip4() i.config_ip6() i.resolve_arp() except Exception: super(BFDAPITestCase, cls).tearDownClass() raise @classmethod def tearDownClass(cls): super(BFDAPITestCase, cls).tearDownClass() def setUp(self): super(BFDAPITestCase, self).setUp() self.factory = AuthKeyFactory() def test_add_bfd(self): """ create a BFD session """ session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4) session.add_vpp_config() self.logger.debug("Session state is %s", session.state) session.remove_vpp_config() session.add_vpp_config() self.logger.debug("Session state is %s", session.state) session.remove_vpp_config() def test_double_add(self): """ create the same BFD session twice (negative case) """ session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4) session.add_vpp_config() with self.vapi.assert_negative_api_retval(): session.add_vpp_config() session.remove_vpp_config() def test_add_bfd6(self): """ create IPv6 BFD session """ session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip6, af=AF_INET6) session.add_vpp_config() self.logger.debug("Session state is %s", session.state) session.remove_vpp_config() session.add_vpp_config() self.logger.debug("Session state is %s", session.state) session.remove_vpp_config() def test_mod_bfd(self): """ modify BFD session parameters """ session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, desired_min_tx=50000, required_min_rx=10000, detect_mult=1) session.add_vpp_config() s = session.get_bfd_udp_session_dump_entry() self.assert_equal(session.desired_min_tx, s.desired_min_tx, "desired min transmit interval") self.assert_equal(session.required_min_rx, s.required_min_rx, "required min receive interval") self.assert_equal(session.detect_mult, s.detect_mult, "detect mult") session.modify_parameters(desired_min_tx=session.desired_min_tx * 2, required_min_rx=session.required_min_rx * 2, detect_mult=session.detect_mult * 2) s = session.get_bfd_udp_session_dump_entry() self.assert_equal(session.desired_min_tx, s.desired_min_tx, "desired min transmit interval") self.assert_equal(session.required_min_rx, s.required_min_rx, "required min receive interval") self.assert_equal(session.detect_mult, s.detect_mult, "detect mult") def test_add_sha1_keys(self): """ add SHA1 keys """ key_count = 10 keys = [self.factory.create_random_key( self) for i in range(0, key_count)] for key in keys: self.assertFalse(key.query_vpp_config()) for key in keys: key.add_vpp_config() for key in keys: self.assertTrue(key.query_vpp_config()) # remove randomly indexes = range(key_count) shuffle(indexes) removed = [] for i in indexes: key = keys[i] key.remove_vpp_config() removed.append(i) for j in range(key_count): key = keys[j] if j in removed: self.assertFalse(key.query_vpp_config()) else: self.assertTrue(key.query_vpp_config()) # should be removed now for key in keys: self.assertFalse(key.query_vpp_config()) # add back and remove again for key in keys: key.add_vpp_config() for key in keys: self.assertTrue(key.query_vpp_config()) for key in keys: key.remove_vpp_config() for key in keys: self.assertFalse(key.query_vpp_config()) def test_add_bfd_sha1(self): """ create a BFD session (SHA1) """ key = self.factory.create_random_key(self) key.add_vpp_config() session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key) session.add_vpp_config() self.logger.debug("Session state is %s", session.state) session.remove_vpp_config() session.add_vpp_config() self.logger.debug("Session state is %s", session.state) session.remove_vpp_config() def test_double_add_sha1(self): """ create the same BFD session twice (negative case) (SHA1) """ key = self.factory.create_random_key(self) key.add_vpp_config() session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key) session.add_vpp_config() with self.assertRaises(Exception): session.add_vpp_config() def test_add_auth_nonexistent_key(self): """ create BFD session using non-existent SHA1 (negative case) """ session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip4, sha1_key=self.factory.create_random_key(self)) with self.assertRaises(Exception): session.add_vpp_config() def test_shared_sha1_key(self): """ share single SHA1 key between multiple BFD sessions """ key = self.factory.create_random_key(self) key.add_vpp_config() sessions = [ VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key), VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip6, sha1_key=key, af=AF_INET6), VppBFDUDPSession(self, self.pg1, self.pg1.remote_ip4, sha1_key=key), VppBFDUDPSession(self, self.pg1, self.pg1.remote_ip6, sha1_key=key, af=AF_INET6)] for s in sessions: s.add_vpp_config() removed = 0 for s in sessions: e = key.get_bfd_auth_keys_dump_entry() self.assert_equal(e.use_count, len(sessions) - removed, "Use count for shared key") s.remove_vpp_config() removed += 1 e = key.get_bfd_auth_keys_dump_entry() self.assert_equal(e.use_count, len(sessions) - removed, "Use count for shared key") def test_activate_auth(self): """ activate SHA1 authentication """ key = self.factory.cr
/*
 * Copyright (c) 2020 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <vnet/vnet.h>

/* funciton declarations */

u32 vnet_hw_if_get_rx_queue_index_by_id (vnet_main_t *vnm, u32 hw_if_index,
					 u32 queue_id);
u32 vnet_hw_if_register_rx_queue (vnet_main_t *vnm, u32 hw_if_index,
				  u32 queue_id, u32 thread_idnex);
void vnet_hw_if_unregister_rx_queue (vnet_main_t *vnm, u32 queue_index);
void vnet_hw_if_unregister_all_rx_queues (vnet_main_t *vnm, u32 hw_if_index);
void vnet_hw_if_set_rx_queue_file_index (vnet_main_t *vnm, u32 queue_index,
					 u32 file_index);
void vnet_hw_if_set_input_node (vnet_main_t *vnm, u32 hw_if_index,
				u32 node_index);
int vnet_hw_if_set_rx_queue_mode (vnet_main_t *vnm, u32 queue_index,
				  vnet_hw_if_rx_mode mode);
vnet_hw_if_rx_mode vnet_hw_if_get_rx_queue_mode (vnet_main_t *vnm,
						 u32 queue_index);
void vnet_hw_if_set_rx_queue_thread_index (vnet_main_t *vnm, u32 queue_index,
					   u32 thread_index);
void vnet_hw_if_generate_rxq_int_poll_vector (vlib_main_t *vm,
					      vlib_node_runtime_t *node);

/* inline functions */

static_always_inline vnet_hw_if_rx_queue_t *
vnet_hw_if_get_rx_queue (vnet_main_t *vnm, u32 queue_index)
{
  vnet_interface_main_t *im = &vnm->interface_main;
  if (pool_is_free_index (im->hw_if_rx_queues, queue_index))
    return 0;
  return pool_elt_at_index (im->hw_if_rx_queues, queue_index);
}

static_always_inline void
vnet_hw_if_rx_queue_set_int_pending (vnet_main_t *vnm, u32 queue_index)
{
  vnet_hw_if_rx_queue_t *rxq = vnet_hw_if_get_rx_queue (vnm, queue_index);
  vnet_hw_interface_t *hi = vnet_get_hw_interface (vnm, rxq->hw_if_index);
  vlib_main_t *vm = vlib_get_main_by_index (rxq->thread_index);
  vnet_hw_if_rx_node_runtime_t *rt;
  if (PREDICT_FALSE (rxq->mode != VNET_HW_IF_RX_MODE_INTERRUPT &&
		     rxq->mode != VNET_HW_IF_RX_MODE_ADAPTIVE))
    return;
  rt = vlib_node_get_runtime_data (vm, hi->input_node_index);
  if (vm == vlib_get_main ())
    clib_interrupt_set (rt->rxq_interrupts, queue_index);
  else
    clib_interrupt_set_atomic (rt->rxq_interrupts, queue_index);
  vlib_node_set_interrupt_pending (vm, hi->input_node_index);
}

static_always_inline vnet_hw_if_rxq_poll_vector_t *
vnet_hw_if_get_rxq_poll_vector (vlib_main_t *vm, vlib_node_runtime_t *node)
{
  vnet_hw_if_rx_node_runtime_t *rt = (void *) node->runtime_data;

  if (PREDICT_FALSE (node->state == VLIB_NODE_STATE_INTERRUPT))
    vnet_hw_if_generate_rxq_int_poll_vector (vm, node);

  return rt->rxq_poll_vector;
}

static_always_inline u8
vnet_hw_if_get_rx_queue_numa_node (vnet_main_t *vnm, u32 queue_index)
{
  vnet_hw_if_rx_queue_t *rxq = vnet_hw_if_get_rx_queue (vnm, queue_index);
  vnet_hw_interface_t *hi = vnet_get_hw_interface (vnm, rxq->hw_if_index);
  return hi->numa_node;
}

static_always_inline u32
vnet_hw_if_get_rx_queue_thread_index (vnet_main_t *vnm, u32 queue_index)
{
  vnet_hw_if_rx_queue_t *rxq = vnet_hw_if_get_rx_queue (vnm, queue_index);
  return rxq->thread_index;
}

static_always_inline int
vnet_hw_if_rxq_cmp_cli_api (vnet_hw_if_rx_queue_t **a,
			    vnet_hw_if_rx_queue_t **b)
{
  vnet_main_t *vnm;
  vnet_hw_interface_t *hif_a;
  vnet_hw_interface_t *hif_b;

  if (*a == *b)
    return 0;

  if (a[0]->thread_index != b[0]->thread_index)
    return 2 * (a[0]->thread_index > b[0]->thread_index) - 1;

  vnm = vnet_get_main ();
  hif_a = vnet_get_hw_interface (vnm, a[0]->hw_if_index);
  hif_b = vnet_get_hw_interface (vnm, b[0]->hw_if_index);

  if (hif_a->input_node_index != hif_b->input_node_index)
    return 2 * (hif_a->input_node_index > hif_b->input_node_index) - 1;

  if (a[0]->hw_if_index != b[0]->hw_if_index)
    return 2 * (a[0]->hw_if_index > b[0]->hw_if_index) - 1;

  if (a[0]->queue_id != b[0]->queue_id)
    return 2 * (a[0]->queue_id > b[0]->queue_id) - 1;

  ASSERT (0);
  return ~0;
}

/*
 * fd.io coding-style-patch-verification: ON
 *
 * Local Variables:
 * eval: (c-set-style "gnu")
 * End:
 */
ession.required_min_rx) p = wait_for_bfd_packet( self, pcap_time_min=time.time() - self.vpp_clock_offset) # poll bit needs to be set self.assertIn("P", p.sprintf("%BFD.flags%"), "Poll bit not set in BFD packet") # finish poll sequence with final packet final = self.test_session.create_packet() final[BFD].flags = "F" timeout = self.test_session.detect_mult * \ max(self.test_session.desired_min_tx, self.vpp_session.required_min_rx) / USEC_IN_SEC self.test_session.send_packet(final) time_mark = time.time() e = self.vapi.wait_for_event(2 * timeout, "bfd_udp_session_details") verify_event(self, e, expected_state=BFDState.down) time_to_event = time.time() - time_mark self.assert_in_range(time_to_event, .9 * timeout, 1.1 * timeout, "session timeout") @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_modify_req_min_rx_halve(self): """ modify session - halve required min rx """ self.vpp_session.modify_parameters( required_min_rx=2 * self.vpp_session.required_min_rx) bfd_session_up(self) p = wait_for_bfd_packet(self) self.test_session.update(desired_min_tx=10000, required_min_rx=10000) self.test_session.send_packet() p = wait_for_bfd_packet( self, pcap_time_min=time.time() - self.vpp_clock_offset) # halve required min rx old_required_min_rx = self.vpp_session.required_min_rx self.vpp_session.modify_parameters( required_min_rx=self.vpp_session.required_min_rx // 2) # now we wait 0.8*3*old-req-min-rx and the session should still be up self.sleep(0.8 * self.vpp_session.detect_mult * old_required_min_rx / USEC_IN_SEC, "wait before finishing poll sequence") self.assert_equal(len(self.vapi.collect_events()), 0, "number of bfd events") p = wait_for_bfd_packet(self) # poll bit needs to be set self.assertIn("P", p.sprintf("%BFD.flags%"), "Poll bit not set in BFD packet") # finish poll sequence with final packet final = self.test_session.create_packet() final[BFD].flags = "F" self.test_session.send_packet(final) # now the session should time out under new conditions detection_time = self.test_session.detect_mult *\ self.vpp_session.required_min_rx / USEC_IN_SEC before = time.time() e = self.vapi.wait_for_event( 2 * detection_time, "bfd_udp_session_details") after = time.time() self.assert_in_range(after - before, 0.9 * detection_time, 1.1 * detection_time, "time before bfd session goes down") verify_event(self, e, expected_state=BFDState.down) @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_modify_detect_mult(self): """ modify detect multiplier """ bfd_session_up(self) p = wait_for_bfd_packet(self) self.vpp_session.modify_parameters(detect_mult=1) p = wait_for_bfd_packet( self, pcap_time_min=time.time() - self.vpp_clock_offset) self.assert_equal(self.vpp_session.detect_mult, p[BFD].detect_mult, "detect mult") # poll bit must not be set self.assertNotIn("P", p.sprintf("%BFD.flags%"), "Poll bit not set in BFD packet") self.vpp_session.modify_parameters(detect_mult=10) p = wait_for_bfd_packet( self, pcap_time_min=time.time() - self.vpp_clock_offset) self.assert_equal(self.vpp_session.detect_mult, p[BFD].detect_mult, "detect mult") # poll bit must not be set self.assertNotIn("P", p.sprintf("%BFD.flags%"), "Poll bit not set in BFD packet") @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_queued_poll(self): """ test poll sequence queueing """ bfd_session_up(self) p = wait_for_bfd_packet(self) self.vpp_session.modify_parameters( required_min_rx=2 * self.vpp_session.required_min_rx) p = wait_for_bfd_packet(self) poll_sequence_start = time.time() poll_sequence_length_min = 0.5 send_final_after = time.time() + poll_sequence_length_min # poll bit needs to be set self.assertIn("P", p.sprintf("%BFD.flags%"), "Poll bit not set in BFD packet") self.assert_equal(p[BFD].required_min_rx_interval, self.vpp_session.required_min_rx, "BFD required min rx interval") self.vpp_session.modify_parameters( required_min_rx=2 * self.vpp_session.required_min_rx) # 2nd poll sequence should be queued now # don't send the reply back yet, wait for some time to emulate # longer round-trip time packet_count = 0 while time.time() < send_final_after: self.test_session.send_packet() p = wait_for_bfd_packet(self) self.assert_equal(len(self.vapi.collect_events()), 0, "number of bfd events") self.assert_equal(p[BFD].required_min_rx_interval, self.vpp_session.required_min_rx, "BFD required min rx interval") packet_count += 1 # poll bit must be set self.assertIn("P", p.sprintf("%BFD.flags%"), "Poll bit not set in BFD packet") final = self.test_session.create_packet() final[BFD].flags = "F" self.test_session.send_packet(final) # finish 1st with final poll_sequence_length = time.time() - poll_sequence_start # vpp must wait for some time before starting new poll sequence poll_no_2_started = False for dummy in range(2 * packet_count): p = wait_for_bfd_packet(self) self.assert_equal(len(self.vapi.collect_events()), 0, "number of bfd events") if "P" in p.sprintf("%BFD.flags%"): poll_no_2_started = True if time.time() < poll_sequence_start + poll_sequence_length: raise Exception("VPP started 2nd poll sequence too soon") final = self.test_session.create_packet() final[BFD].flags = "F" self.test_session.send_packet(final) break else: self.test_session.send_packet() self.assertTrue(poll_no_2_started, "2nd poll sequence not performed") # finish 2nd with final final = self.test_session.create_packet() final[BFD].flags = "F" self.test_session.send_packet(final) p = wait_for_bfd_packet(self) # poll bit must not be set self.assertNotIn("P", p.sprintf("%BFD.flags%"), "Poll bit set in BFD packet") @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_poll_response(self): """ test correct response to control frame with poll bit set """ bfd_session_up(self) poll = self.test_session.create_packet() poll[BFD].flags = "P" self.test_session.send_packet(poll) final = wait_for_bfd_packet( self, pcap_time_min=time.time() - self.vpp_clock_offset) self.assertIn("F", final.sprintf("%BFD.flags%")) @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_no_periodic_if_remote_demand(self): """ no periodic frames outside poll sequence if remote demand set """ bfd_session_up(self) demand = self.test_session.create_packet() demand[BFD].flags = "D" self.test_session.send_packet(demand) transmit_time = 0.9 \ * max(self.vpp_session.required_min_rx, self.test_session.desired_min_tx) \ / USEC_IN_SEC count = 0 for dummy in range(self.test_session.detect_mult * 2): self.sleep(transmit_time) self.test_session.send_packet(demand) try: p = wait_for_bfd_packet(self, timeout=0) self.logger.error(ppp("Received unexpected packet:", p)) count += 1 except CaptureTimeoutError: pass events = self.vapi.collect_events() for e in events: self.logger.error("Received unexpected event: %s", e) self.assert_equal(count, 0, "number of packets received") self.assert_equal(len(events), 0, "number of events received") def test_echo_looped_back(self): """ echo packets looped back """ # don't need a session in this case.. self.vpp_session.remove_vpp_config() self.pg0.enable_capture() echo_packet_count = 10 # random source port low enough to increment a few times.. udp_sport_tx = randint(1, 50000) udp_sport_rx = udp_sport_tx echo_packet = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg0.remote_ip4) / UDP(dport=BFD.udp_dport_echo) / Raw("this should be looped back")) for dummy in range(echo_packet_count): self.sleep(.01, "delay between echo packets") echo_packet[UDP].sport = udp_sport_tx udp_sport_tx += 1 self.logger.debug(ppp("Sending packet:", echo_packet)) self.pg0.add_stream(echo_packet) self.pg_start() for dummy in range(echo_packet_count): p = self.pg0.wait_for_packet(1) self.logger.debug(ppp("Got packet:", p)) ether = p[Ether] self.assert_equal(self.pg0.remote_mac, ether.dst, "Destination MAC") self.assert_equal(self.pg0.local_mac, ether.src, "Source MAC") ip = p[IP] self.assert_equal(self.pg0.remote_ip4, ip.dst, "Destination IP") self.assert_equal(self.pg0.remote_ip4, ip.src, "Destination IP") udp = p[UDP] self.assert_equal(udp.dport, BFD.udp_dport_echo, "UDP destination port") self.assert_equal(udp.sport, udp_sport_rx, "UDP source port") udp_sport_rx += 1 # need to compare the hex payload here, otherwise BFD_vpp_echo # gets in way self.assertEqual(scapy.compat.raw(p[UDP].payload), scapy.compat.raw(echo_packet[UDP].payload), "Received packet is not the echo packet sent") self.assert_equal(udp_sport_tx, udp_sport_rx, "UDP source port (== " "ECHO packet identifier for test purposes)") def test_echo(self): """ echo function """ bfd_session_up(self) self.test_session.update(required_min_echo_rx=150000) self.test_session.send_packet() detection_time = self.test_session.detect_mult *\ self.vpp_session.required_min_rx / USEC_IN_SEC # echo shouldn't work without echo source set for dummy in range(10): sleep = self.vpp_session.required_min_rx / USEC_IN_SEC self.sleep(sleep, "delay before sending bfd packet") self.test_session.send_packet() p = wait_for_bfd_packet( self, pcap_time_min=time.time() - self.vpp_clock_offset) self.assert_equal(p[BFD].required_min_rx_interval, self.vpp_session.required_min_rx, "BFD required min rx interval") self.test_session.send_packet() self.vapi.bfd_udp_set_echo_source(self.loopback0.sw_if_index) echo_seen = False # should be turned on - loopback echo packets for dummy in range(3): loop_until = time.time() + 0.75 * detection_time while time.time() < loop_until: p = self.pg0.wait_for_packet(1) self.logger.debug(ppp("Got packet:", p)) if p[UDP].dport == BFD.udp_dport_echo: self.assert_equal( p[IP].dst, self.pg0.local_ip4, "BFD ECHO dst IP") self.assertNotEqual(p[IP].src, self.loopback0.local_ip4, "BFD ECHO src IP equal to loopback IP") self.logger.debug(ppp("Looping back packet:", p)) self.assert_equal(p[Ether].dst, self.pg0.remote_mac, "ECHO packet destination MAC address") p[Ether].dst = self.pg0.local_mac self.pg0.add_stream(p) self.pg_start() echo_seen = True elif p.haslayer(BFD): if echo_seen: self.assertGreaterEqual( p[BFD].required_min_rx_interval, 1000000) if "P" in p.sprintf("%BFD.flags%"): final = self.test_session.create_packet() final[BFD].flags = "F" self.test_session.send_packet(final) else: raise Exception(ppp("Received unknown packet:", p)) self.assert_equal(len(self.vapi.collect_events()), 0, "number of bfd events") self.test_session.send_packet() self.assertTrue(echo_seen, "No echo packets received") @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_echo_fail(self): """ session goes down if echo function fails """ bfd_session_up(self) self.test_session.update(required_min_echo_rx=150000) self.test_session.send_packet() detection_time = self.test_session.detect_mult *\ self.vpp_session.required_min_rx / USEC_IN_SEC self.vapi.bfd_udp_set_echo_source(self.loopback0.sw_if_index) # echo function should be used now, but we will drop the echo packets verified_diag = False for dummy in range(3): loop_until = time.time() + 0.75 * detection_time while time.time() < loop_until: p = self.pg0.wait_for_packet(1) self.logger.debug(ppp("Got packet:", p)) if p[UDP].dport == BFD.udp_dport_echo: # dropped pass elif p.haslayer(BFD): if "P" in p.sprintf("%BFD.flags%"): self.assertGreaterEqual( p[BFD].required_min_rx_interval, 1000000) final = self.test_session.create_packet() final[BFD].flags = "F" self.test_session.send_packet(final) if p[BFD].state == BFDState.down: self.assert_equal(p[BFD].diag, BFDDiagCode.echo_function_failed, BFDDiagCode) verified_diag = True else: raise Exception(ppp("Received unknown packet:", p)) self.test_session.send_packet() events = self.vapi.collect_events() self.assert_equal(len(events), 1, "number of bfd events") self.assert_equal(events[0].state, BFDState.down, BFDState) self.assertTrue(verified_diag, "Incorrect diagnostics code received") @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_echo_stop(self): """ echo function stops if peer sets required min echo rx zero """ bfd_session_up(self) self.test_session.update(required_min_echo_rx=150000) self.test_session.send_packet() self.vapi.bfd_udp_set_echo_source(self.loopback0.sw_if_index) # wait for first echo packet while True: p = self.pg0.wait_for_packet(1) self.logger.debug(ppp("Got packet:", p)) if p[UDP].dport == BFD.udp_dport_echo: self.logger.debug(ppp("Looping back packet:", p)) p[Ether].dst = self.pg0.local_mac self.pg0.add_stream(p) self.pg_start() break elif p.haslayer(BFD): # ignore BFD pass else: raise Exception(ppp("Received unknown packet:", p)) self.test_session.update(required_min_echo_rx=0) self.test_session.send_packet() # echo packets shouldn't arrive anymore for dummy in range(5): wait_for_bfd_packet( self, pcap_time_min=time.time() - self.vpp_clock_offset) self.test_session.send_packet() events = self.vapi.collect_events() self.assert_equal(len(events), 0, "number of bfd events") @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_echo_source_removed(self): """ echo function stops if echo source is removed """ bfd_session_up(self) self.test_session.update(required_min_echo_rx=150000) self.test_session.send_packet() self.vapi.bfd_udp_set_echo_source(self.loopback0.sw_if_index) # wait for first echo packet while True: p = self.pg0.wait_for_packet(1) self.logger.debug(ppp("Got packet:", p)) if p[UDP].dport == BFD.udp_dport_echo: self.logger.debug(ppp("Looping back packet:", p)) p[Ether].dst = self.pg0.local_mac self.pg0.add_stream(p) self.pg_start() break elif p.haslayer(BFD): # ignore BFD pass else: raise Exception(ppp("Received unknown packet:", p)) self.vapi.bfd_udp_del_echo_source() self.test_session.send_packet() # echo packets shouldn't arrive anymore for dummy in range(5): wait_for_bfd_packet( self, pcap_time_min=time.time() - self.vpp_clock_offset) self.test_session.send_packet() events = self.vapi.collect_events() self.assert_equal(len(events), 0, "number of bfd events") @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_stale_echo(self): """ stale echo packets don't keep a session up """ bfd_session_up(self) self.test_session.update(required_min_echo_rx=150000) self.vapi.bfd_udp_set_echo_source(self.loopback0.sw_if_index) self.test_session.send_packet() # should be turned on - loopback echo packets echo_packet = None timeout_at = None timeout_ok = False for dummy in range(10 * self.vpp_session.detect_mult): p = self.pg0.wait_for_packet(1) if p[UDP].dport == BFD.udp_dport_echo: if echo_packet is None: self.logger.debug(ppp("Got first echo packet:", p)) echo_packet = p timeout_at = time.time() + self.vpp_session.detect_mult * \ self.test_session.required_min_echo_rx / USEC_IN_SEC else: self.logger.debug(ppp("Got followup echo packet:", p)) self.logger.debug(ppp("Looping back first echo packet:", p)) echo_packet[Ether].dst = self.pg0.local_mac self.pg0.add_stream(echo_packet) self.pg_start() elif p.haslayer(BFD): self.logger.debug(ppp("Got packet:", p)) if "P" in p.sprintf("%BFD.flags%"): final = self.test_session.create_packet() final[BFD].flags = "F" self.test_session.send_packet(final) if p[BFD].state == BFDState.down: self.assertIsNotNone( timeout_at, "Session went down before first echo packet received") now = time.time() self.assertGreaterEqual( now, timeout_at, "Session timeout at %s, but is expected at %s" % (now, timeout_at)) self.assert_equal(p[BFD].diag, BFDDiagCode.echo_function_failed, BFDDiagCode) events = self.vapi.collect_events() self.assert_equal(len(events), 1, "number of bfd events") self.assert_equal(events[0].state, BFDState.down, BFDState) timeout_ok = True break else: raise Exception(ppp("Received unknown packet:", p)) self.test_session.send_packet() self.assertTrue(timeout_ok, "Expected timeout event didn't occur") @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_invalid_echo_checksum(self): """ echo packets with invalid checksum don't keep a session up """ bfd_session_up(self) self.test_session.update(required_min_echo_rx=150000) self.vapi.bfd_udp_set_echo_source(self.loopback0.sw_if_index) self.test_session.send_packet() # should be turned on - loopback echo packets timeout_at = None timeout_ok = False for dummy in range(10 * self.vpp_session.detect_mult): p = self.pg0.wait_for_packet(1) if p[UDP].dport == BFD.udp_dport_echo: self.logger.debug(ppp("Got echo packet:", p)) if timeout_at is None: timeout_at = time.time() + self.vpp_session.detect_mult * \ self.test_session.required_min_echo_rx / USEC_IN_SEC p[BFD_vpp_echo].checksum = getrandbits(64) p[Ether].dst = self.pg0.local_mac self.logger.debug(ppp("Looping back modified echo packet:", p)) self.pg0.add_stream(p) self.pg_start() elif p.haslayer(BFD): self.logger.debug(ppp("Got packet:", p)) if "P" in p.sprintf("%BFD.flags%"): final = self.test_session.create_packet() final[BFD].flags = "F" self.test_session.send_packet(final) if p[BFD].state == BFDState.down: self.assertIsNotNone( timeout_at, "Session went down before first echo packet received") now = time.time() self.assertGreaterEqual( now, timeout_at, "Session timeout at %s, but is expected at %s" % (now, timeout_at)) self.assert_equal(p[BFD].diag, BFDDiagCode.echo_function_failed, BFDDiagCode) events = self.vapi.collect_events() self.assert_equal(len(events), 1, "number of bfd events") self.assert_equal(events[0].state, BFDState.down, BFDState) timeout_ok = True break else: raise Exception(ppp("Received unknown packet:", p)) self.test_session.send_packet() self.assertTrue(timeout_ok, "Expected timeout event didn't occur") @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_admin_up_down(self): """ put session admin-up and admin-down """ bfd_session_up(self) self.vpp_session.admin_down() self.pg0.enable_capture() e = self.vapi.wait_for_event(1, "bfd_udp_session_details") verify_event(self, e, expected_state=BFDState.admin_down) for dummy in range(2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.admin_down, BFDState) # try to bring session up - shouldn't be possible self.test_session.update(state=BFDState.init) self.test_session.send_packet() for dummy in range(2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.admin_down, BFDState) self.vpp_session.admin_up() self.test_session.update(state=BFDState.down) e = self.vapi.wait_for_event(1, "bfd_udp_session_details") verify_event(self, e, expected_state=BFDState.down) p = wait_for_bfd_packet( self, pcap_time_min=time.time() - self.vpp_clock_offset) self.assert_equal(p[BFD].state, BFDState.down, BFDState) self.test_session.send_packet() p = wait_for_bfd_packet( self, pcap_time_min=time.time() - self.vpp_clock_offset) self.assert_equal(p[BFD].state, BFDState.init, BFDState) e = self.vapi.wait_for_event(1, "bfd_udp_session_details") verify_event(self, e, expected_state=BFDState.init) self.test_session.update(state=BFDState.up) self.test_session.send_packet() p = wait_for_bfd_packet( self, pcap_time_min=time.time() - self.vpp_clock_offset) self.assert_equal(p[BFD].state, BFDState.up, BFDState) e = self.vapi.wait_for_event(1, "bfd_udp_session_details") verify_event(self, e, expected_state=BFDState.up) @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_config_change_remote_demand(self): """ configuration change while peer in demand mode """ bfd_session_up(self) demand = self.test_session.create_packet() demand[BFD].flags = "D" self.test_session.send_packet(demand) self.vpp_session.modify_parameters( required_min_rx=2 * self.vpp_session.required_min_rx) p = wait_for_bfd_packet( self, pcap_time_min=time.time() - self.vpp_clock_offset) # poll bit must be set self.assertIn("P", p.sprintf("%BFD.flags%"), "Poll bit not set") # terminate poll sequence final = self.test_session.create_packet() final[BFD].flags = "D+F" self.test_session.send_packet(final) # vpp should be quiet now again transmit_time = 0.9 \ * max(self.vpp_session.required_min_rx, self.test_session.desired_min_tx) \ / USEC_IN_SEC count = 0 for dummy in range(self.test_session.detect_mult * 2): self.sleep(transmit_time) self.test_session.send_packet(demand) try: p = wait_for_bfd_packet(self, timeout=0) self.logger.error(ppp("Received unexpected packet:", p)) count += 1 except CaptureTimeoutError: pass events = self.vapi.collect_events() for e in events: self.logger.error("Received unexpected event: %s", e) self.assert_equal(count, 0, "number of packets received") self.assert_equal(len(events), 0, "number of events received") def test_intf_deleted(self): """ interface with bfd session deleted """ intf = VppLoInterface(self) intf.config_ip4() intf.admin_up() sw_if_index = intf.sw_if_index vpp_session = VppBFDUDPSession(self, intf, intf.remote_ip4) vpp_session.add_vpp_config() vpp_session.admin_up() intf.remove_vpp_config() e = self.vapi.wait_for_event(1, "bfd_udp_session_details") self.assert_equal(e.sw_if_index, sw_if_index, "sw_if_index") self.assertFalse(vpp_session.query_vpp_config()) @unittest.skipUnless(running_extended_tests, "part of extended tests") class BFD6TestCase(VppTestCase): """Bidirectional Forwarding Detection (BFD) (IPv6) """ pg0 = None vpp_clock_offset = None vpp_session = None test_session = None @classmethod def setUpClass(cls): super(BFD6TestCase, cls).setUpClass() cls.vapi.cli("set log class bfd level debug") try: cls.create_pg_interfaces([0]) cls.pg0.config_ip6() cls.pg0.configure_ipv6_neighbors() cls.pg0.admin_up() cls.pg0.resolve_ndp() cls.create_loopback_interfaces(1) cls.loopback0 = cls.lo_interfaces[0] cls.loopback0.config_ip6() cls.loopback0.admin_up() except Exception: super(BFD6TestCase, cls).tearDownClass() raise @classmethod def tearDownClass(cls): super(BFD6TestCase, cls).tearDownClass() def setUp(self): super(BFD6TestCase, self).setUp() self.factory = AuthKeyFactory() self.vapi.want_bfd_events() self.pg0.enable_capture() try: self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip6, af=AF_INET6) self.vpp_session.add_vpp_config() self.vpp_session.admin_up() self.test_session = BFDTestSession(self, self.pg0, AF_INET6) self.logger.debug(self.vapi.cli("show adj nbr")) except: self.vapi.want_bfd_events(enable_disable=0) raise def tearDown(self): if not self.vpp_dead: self.vapi.want_bfd_events(enable_disable=0) self.vapi.collect_events() # clear the event queue super(BFD6TestCase, self).tearDown() def test_session_up(self): """ bring BFD session up """ bfd_session_up(self) def test_session_up_by_ip(self): """ bring BFD session up - first frame looked up by address pair """ self.logger.info("BFD: Sending Slow control frame") self.test_session.update(my_discriminator=randint(0, 40000000)) self.test_session.send_packet() self.pg0.enable_capture() p = self.pg0.wait_for_packet(1) self.assert_equal(p[BFD].your_discriminator, self.test_session.my_discriminator, "BFD - your discriminator") self.assert_equal(p[BFD].state, BFDState.init, BFDState) self.test_session.update(your_discriminator=p[BFD].my_discriminator, state=BFDState.up) self.logger.info("BFD: Waiting for event") e = self.vapi.wait_for_event(1, "bfd_udp_session_details") verify_event(self, e, expected_state=BFDState.init) self.logger.info("BFD: Sending Up") self.test_session.send_packet() self.logger.info("BFD: Waiting for event") e = self.vapi.wait_for_event(1, "bfd_udp_session_details") verify_event(self, e, expected_state=BFDState.up) self.logger.info("BFD: Session is Up") self.test_session.update(state=BFDState.up) self.test_session.send_packet() self.assert_equal(self.vpp_session.state, BFDState.up, BFDState) @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_hold_up(self): """ hold BFD session up """ bfd_session_up(self) for dummy in range(self.test_session.detect_mult * 2): wait_for_bfd_packet(self) self.test_session.send_packet() self.assert_equal(len(self.vapi.collect_events()), 0, "number of bfd events") self.assert_equal(self.vpp_session.state, BFDState.up, BFDState) def test_echo_looped_back(self): """ echo packets looped back """ # don't need a session in this case.. self.vpp_session.remove_vpp_config() self.pg0.enable_capture() echo_packet_count = 10 # random source port low enough to increment a few times.. udp_sport_tx = randint(1, 50000) udp_sport_rx = udp_sport_tx echo_packet = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IPv6(src=self.pg0.remote_ip6, dst=self.pg0.remote_ip6) / UDP(dport=BFD.udp_dport_echo) / Raw("this should be looped back")) for dummy in range(echo_packet_count): self.sleep(.01, "delay between echo packets") echo_packet[UDP].sport = udp_sport_tx udp_sport_tx += 1 self.logger.debug(ppp("Sending packet:", echo_packet)) self.pg0.add_stream(echo_packet) self.pg_start() for dummy in range(echo_packet_count): p = self.pg0.wait_for_packet(1) self.logger.debug(ppp("Got packet:", p)) ether = p[Ether] self.assert_equal(self.pg0.remote_mac, ether.dst, "Destination MAC") self.assert_equal(self.pg0.local_mac, ether.src, "Source MAC") ip = p[IPv6] self.assert_equal(self.pg0.remote_ip6, ip.dst, "Destination IP") self.assert_equal(self.pg0.remote_ip6, ip.src, "Destination IP") udp = p[UDP] self.assert_equal(udp.dport, BFD.udp_dport_echo, "UDP destination port") self.assert_equal(udp.sport, udp_sport_rx, "UDP source port") udp_sport_rx += 1 # need to compare the hex payload here, otherwise BFD_vpp_echo # gets in way self.assertEqual(scapy.compat.raw(p[UDP].payload), scapy.compat.raw(echo_packet[UDP].payload), "Received packet is not the echo packet sent") self.assert_equal(udp_sport_tx, udp_sport_rx, "UDP source port (== " "ECHO packet identifier for test purposes)") self.assert_equal(udp_sport_tx, udp_sport_rx, "UDP source port (== " "ECHO packet identifier for test purposes)") def test_echo(self): """ echo function """ bfd_session_up(self) self.test_session.update(required_min_echo_rx=150000) self.test_session.send_packet() detection_time = self.test_session.detect_mult *\ self.vpp_session.required_min_rx / USEC_IN_SEC # echo shouldn't work without echo source set for dummy in range(10): sleep = self.vpp_session.required_min_rx / USEC_IN_SEC self.sleep(sleep, "delay before sending bfd packet") self.test_session.send_packet() p = wait_for_bfd_packet( self, pcap_time_min=time.time() - self.vpp_clock_offset) self.assert_equal(p[BFD].required_min_rx_interval, self.vpp_session.required_min_rx, "BFD required min rx interval") self.test_session.send_packet() self.vapi.bfd_udp_set_echo_source(self.loopback0.sw_if_index) echo_seen = False # should be turned on - loopback echo packets for dummy in range(3): loop_until = time.time() + 0.75 * detection_time while time.time() < loop_until: p = self.pg0.wait_for_packet(1) self.logger.debug(ppp("Got packet:", p)) if p[UDP].dport == BFD.udp_dport_echo: self.assert_equal( p[IPv6].dst, self.pg0.local_ip6, "BFD ECHO dst IP") self.assertNotEqual(p[IPv6].src, self.loopback0.local_ip6, "BFD ECHO src IP equal to loopback IP") self.logger.debug(ppp("Looping back packet:", p)) self.assert_equal(p[Ether].dst, self.pg0.remote_mac, "ECHO packet destination MAC address") p[Ether].dst = self.pg0.local_mac self.pg0.add_stream(p) self.pg_start() echo_seen = True elif p.haslayer(BFD): if echo_seen: self.assertGreaterEqual( p[BFD].required_min_rx_interval, 1000000) if "P" in p.sprintf("%BFD.flags%"): final = self.test_session.create_packet() final[BFD].flags = "F" self.test_session.send_packet(final) else: raise Exception(ppp("Received unknown packet:", p)) self.assert_equal(len(self.vapi.collect_events()), 0, "number of bfd events") self.test_session.send_packet() self.assertTrue(echo_seen, "No echo packets received") def test_intf_deleted(self): """ interface with bfd session deleted """ intf = VppLoInterface(self) intf.config_ip6() intf.admin_up() sw_if_index = intf.sw_if_index vpp_session = VppBFDUDPSession( self, intf, intf.remote_ip6, af=AF_INET6) vpp_session.add_vpp_config() vpp_session.admin_up() intf.remove_vpp_config() e = self.vapi.wait_for_event(1, "bfd_udp_session_details") self.assert_equal(e.sw_if_index, sw_if_index, "sw_if_index") self.assertFalse(vpp_session.query_vpp_config()) @unittest.skipUnless(running_extended_tests, "part of extended tests") class BFDFIBTestCase(VppTestCase): """ BFD-FIB interactions (IPv6) """ vpp_session = None test_session = None @classmethod def setUpClass(cls): super(BFDFIBTestCase, cls).setUpClass() @classmethod def tearDownClass(cls): super(BFDFIBTestCase, cls).tearDownClass() def setUp(self): super(BFDFIBTestCase, self).setUp() self.create_pg_interfaces(range(1)) self.vapi.want_bfd_events() self.pg0.enable_capture() for i in self.pg_interfaces: i.admin_up() i.config_ip6() i.configure_ipv6_neighbors() def tearDown(self): if not self.vpp_dead: self.vapi.want_bfd_events(enable_disable=0) super(BFDFIBTestCase, self).tearDown() @staticmethod def pkt_is_not_data_traffic(p): """ not data traffic implies BFD or the usual IPv6 ND/RA""" if p.haslayer(BFD) or is_ipv6_misc(p): return True return False def test_session_with_fib(self): """ BFD-FIB interactions """ # packets to match against both of the routes p = [(Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / IPv6(src="3001::1", dst="2001::1") / UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)), (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / IPv6(src="3001::1", dst="2002::1") / UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))] # A recursive and a non-recursive route via a next-hop that # will have a BFD session ip_2001_s_64 = VppIpRoute(self, "2001::", 64, [VppRoutePath(self.pg0.remote_ip6, self.pg0.sw_if_index, proto=DpoProto.DPO_PROTO_IP6)], is_ip6=1) ip_2002_s_64 = VppIpRoute(self, "2002::", 64, [VppRoutePath(self.pg0.remote_ip6, 0xffffffff, proto=DpoProto.DPO_PROTO_IP6)], is_ip6=1) ip_2001_s_64.add_vpp_config() ip_2002_s_64.add_vpp_config() # bring the session up now the routes are present self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip6, af=AF_INET6) self.vpp_session.add_vpp_config() self.vpp_session.admin_up() self.test_session = BFDTestSession(self, self.pg0, AF_INET6) # session is up - traffic passes bfd_session_up(self) self.pg0.add_stream(p) self.pg_start() for packet in p: captured = self.pg0.wait_for_packet( 1, filter_out_fn=self.pkt_is_not_data_traffic) self.assertEqual(captured[IPv6].dst, packet[IPv6].dst) # session is up - traffic is dropped bfd_session_down(self) self.pg0.add_stream(p) self.pg_start() with self.assertRaises(CaptureTimeoutError): self.pg0.wait_for_packet(1, self.pkt_is_not_data_traffic) # session is up - traffic passes bfd_session_up(self) self.pg0.add_stream(p) self.pg_start() for packet in p: captured = self.pg0.wait_for_packet( 1, filter_out_fn=self.pkt_is_not_data_traffic) self.assertEqual(captured[IPv6].dst, packet[IPv6].dst) @unittest.skipUnless(running_extended_tests, "part of extended tests") class BFDSHA1TestCase(VppTestCase): """Bidirectional Forwarding Detection (BFD) (SHA1 auth) """ pg0 = None vpp_clock_offset = None vpp_session = None test_session = None @classmethod def setUpClass(cls): super(BFDSHA1TestCase, cls).setUpClass() cls.vapi.cli("set log class bfd level debug") try: cls.create_pg_interfaces([0]) cls.pg0.config_ip4() cls.pg0.admin_up() cls.pg0.resolve_arp() except Exception: super(BFDSHA1TestCase, cls).tearDownClass() raise @classmethod def tearDownClass(cls): super(BFDSHA1TestCase, cls).tearDownClass() def setUp(self): super(BFDSHA1TestCase, self).setUp() self.factory = AuthKeyFactory() self.vapi.want_bfd_events() self.pg0.enable_capture() def tearDown(self): if not self.vpp_dead: self.vapi.want_bfd_events(enable_disable=0) self.vapi.collect_events() # clear the event queue super(BFDSHA1TestCase, self).tearDown() def test_session_up(self): """ bring BFD session up """ key = self.factory.create_random_key(self) key.add_vpp_config() self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key) self.vpp_session.add_vpp_config() self.vpp_session.admin_up() self.test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=self.vpp_session.bfd_key_id) bfd_session_up(self) @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_hold_up(self): """ hold BFD session up """ key = self.factory.create_random_key(self) key.add_vpp_config() self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key) self.vpp_session.add_vpp_config() self.vpp_session.admin_up() self.test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=self.vpp_session.bfd_key_id) bfd_session_up(self) for dummy in range(self.test_session.detect_mult * 2): wait_for_bfd_packet(self) self.test_session.send_packet() self.assert_equal(self.vpp_session.state, BFDState.up, BFDState) @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_hold_up_meticulous(self): """ hold BFD session up - meticulous auth """ key = self.factory.create_random_key( self, BFDAuthType.meticulous_keyed_sha1) key.add_vpp_config() self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key) self.vpp_session.add_vpp_config() self.vpp_session.admin_up() # specify sequence number so that it wraps self.test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=self.vpp_session.bfd_key_id, our_seq_number=0xFFFFFFFF - 4) bfd_session_up(self) for dummy in range(30): wait_for_bfd_packet(self) self.test_session.inc_seq_num() self.test_session.send_packet() self.assert_equal(self.vpp_session.state, BFDState.up, BFDState) @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_send_bad_seq_number(self): """ session is not kept alive by msgs with bad sequence numbers""" key = self.factory.create_random_key( self, BFDAuthType.meticulous_keyed_sha1) key.add_vpp_config() self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key) self.vpp_session.add_vpp_config() self.test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=self.vpp_session.bfd_key_id) bfd_session_up(self) detection_time = self.test_session.detect_mult *\ self.vpp_session.required_min_rx / USEC_IN_SEC send_until = time.time() + 2 * detection_time while time.time() < send_until: self.test_session.send_packet() self.sleep(0.7 * self.vpp_session.required_min_rx / USEC_IN_SEC, "time between bfd packets") e = self.vapi.collect_events() # session should be down now, because the sequence numbers weren't # updated self.assert_equal(len(e), 1, "number of bfd events") verify_event(self, e[0], expected_state=BFDState.down) def execute_rogue_session_scenario(self, vpp_bfd_udp_session, legitimate_test_session, rogue_test_session, rogue_bfd_values=None): """ execute a rogue session interaction scenario 1. create vpp session, add config 2. bring the legitimate session up 3. copy the bfd values from legitimate session to rogue session 4. apply rogue_bfd_values to rogue session 5. set rogue session state to down 6. send message to take the session down from the rogue session 7. assert that the legitimate session is unaffected """ self.vpp_session = vpp_bfd_udp_session self.vpp_session.add_vpp_config() self.test_session = legitimate_test_session # bring vpp session up bfd_session_up(self) # send packet from rogue session rogue_test_session.update( my_discriminator=self.test_session.my_discriminator, your_discriminator=self.test_session.your_discriminator, desired_min_tx=self.test_session.desired_min_tx, required_min_rx=self.test_session.required_min_rx, detect_mult=self.test_session.detect_mult, diag=self.test_session.diag, state=self.test_session.state, auth_type=self.test_session.auth_type) if rogue_bfd_values: rogue_test_session.update(**rogue_bfd_values) rogue_test_session.update(state=BFDState.down) rogue_test_session.send_packet() wait_for_bfd_packet(self) self.assert_equal(self.vpp_session.state, BFDState.up, BFDState) @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_mismatch_auth(self): """ session is not brought down by unauthenticated msg """ key = self.factory.create_random_key(self) key.add_vpp_config() vpp_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip4, sha1_key=key) legitimate_test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=vpp_session.bfd_key_id) rogue_test_session = BFDTestSession(self, self.pg0, AF_INET) self.execute_rogue_session_scenario(vpp_session, legitimate_test_session, rogue_test_session) @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_mismatch_bfd_key_id(self): """ session is not brought down by msg with non-existent key-id """ key = self.factory.create_random_key(self) key.add_vpp_config() vpp_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip4, sha1_key=key) # pick a different random bfd key id x = randint(0, 255) while x == vpp_session.bfd_key_id: x = randint(0, 255) legitimate_test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=vpp_session.bfd_key_id) rogue_test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=x) self.execute_rogue_session_scenario(vpp_session, legitimate_test_session, rogue_test_session) @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_mismatched_auth_type(self): """ session is not brought down by msg with wrong auth type """ key = self.factory.create_random_key(self) key.add_vpp_config() vpp_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip4, sha1_key=key) legitimate_test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=vpp_session.bfd_key_id) rogue_test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=vpp_session.bfd_key_id) self.execute_rogue_session_scenario( vpp_session, legitimate_test_session, rogue_test_session, {'auth_type': BFDAuthType.keyed_md5}) @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_restart(self): """ simulate remote peer restart and resynchronization """ key = self.factory.create_random_key( self, BFDAuthType.meticulous_keyed_sha1) key.add_vpp_config() self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key) self.vpp_session.add_vpp_config() self.test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=self.vpp_session.bfd_key_id, our_seq_number=0) bfd_session_up(self) # don't send any packets for 2*detection_time detection_time = self.test_session.detect_mult *\ self.vpp_session.required_min_rx / USEC_IN_SEC self.sleep(2 * detection_time, "simulating peer restart") events = self.vapi.collect_events() self.assert_equal(len(events), 1, "number of bfd events") verify_event(self, events[0], expected_state=BFDState.down) self.test_session.update(state=BFDState.down) # reset sequence number self.test_session.our_seq_number = 0 self.test_session.vpp_seq_number = None # now throw away any pending packets self.pg0.enable_capture() bfd_session_up(self) @unittest.skipUnless(running_extended_tests, "part of extended tests") class BFDAuthOnOffTestCase(VppTestCase): """Bidirectional Forwarding Detection (BFD) (changing auth) """ pg0 = None vpp_session = None test_session = None @classmethod def setUpClass(cls): super(BFDAuthOnOffTestCase, cls).setUpClass() cls.vapi.cli("set log class bfd level debug") try: cls.create_pg_interfaces([0]) cls.pg0.config_ip4() cls.pg0.admin_up() cls.pg0.resolve_arp() except Exception: super(BFDAuthOnOffTestCase, cls).tearDownClass() raise @classmethod def tearDownClass(cls): super(BFDAuthOnOffTestCase, cls).tearDownClass() def setUp(self): super(BFDAuthOnOffTestCase, self).setUp() self.factory = AuthKeyFactory() self.vapi.want_bfd_events() self.pg0.enable_capture() def tearDown(self): if not self.vpp_dead: self.vapi.want_bfd_events(enable_disable=0) self.vapi.collect_events() # clear the event queue super(BFDAuthOnOffTestCase, self).tearDown() def test_auth_on_immediate(self): """ turn auth on without disturbing session state (immediate) """ key = self.factory.create_random_key(self) key.add_vpp_config() self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4) self.vpp_session.add_vpp_config() self.test_session = BFDTestSession(self, self.pg0, AF_INET) bfd_session_up(self) for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.vpp_session.activate_auth(key) self.test_session.bfd_key_id = self.vpp_session.bfd_key_id self.test_session.sha1_key = key for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.assert_equal(self.vpp_session.state, BFDState.up, BFDState) self.assert_equal(len(self.vapi.collect_events()), 0, "number of bfd events") def test_auth_off_immediate(self): """ turn auth off without disturbing session state (immediate) """ key = self.factory.create_random_key(self) key.add_vpp_config() self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key) self.vpp_session.add_vpp_config() self.test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=self.vpp_session.bfd_key_id) bfd_session_up(self) # self.vapi.want_bfd_events(enable_disable=0) for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.inc_seq_num() self.test_session.send_packet() self.vpp_session.deactivate_auth() self.test_session.bfd_key_id = None self.test_session.sha1_key = None for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.inc_seq_num() self.test_session.send_packet() self.assert_equal(self.vpp_session.state, BFDState.up, BFDState) self.assert_equal(len(self.vapi.collect_events()), 0, "number of bfd events") def test_auth_change_key_immediate(self): """ change auth key without disturbing session state (immediate) """ key1 = self.factory.create_random_key(self) key1.add_vpp_config() key2 = self.factory.create_random_key(self) key2.add_vpp_config() self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key1) self.vpp_session.add_vpp_config() self.test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key1, bfd_key_id=self.vpp_session.bfd_key_id) bfd_session_up(self) for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.vpp_session.activate_auth(key2) self.test_session.bfd_key_id = self.vpp_session.bfd_key_id self.test_session.sha1_key = key2 for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.assert_equal(self.vpp_session.state, BFDState.up, BFDState) self.assert_equal(len(self.vapi.collect_events()), 0, "number of bfd events") def test_auth_on_delayed(self): """ turn auth on without disturbing session state (delayed) """ key = self.factory.create_random_key(self) key.add_vpp_config() self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4) self.vpp_session.add_vpp_config() self.test_session = BFDTestSession(self, self.pg0, AF_INET) bfd_session_up(self) for dummy in range(self.test_session.detect_mult * 2): wait_for_bfd_packet(self) self.test_session.send_packet() self.vpp_session.activate_auth(key, delayed=True) for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.test_session.bfd_key_id = self.vpp_session.bfd_key_id self.test_session.sha1_key = key self.test_session.send_packet() for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.assert_equal(self.vpp_session.state, BFDState.up, BFDState) self.assert_equal(len(self.vapi.collect_events()), 0, "number of bfd events") def test_auth_off_delayed(self): """ turn auth off without disturbing session state (delayed) """ key = self.factory.create_random_key(self) key.add_vpp_config() self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key) self.vpp_session.add_vpp_config() self.test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key, bfd_key_id=self.vpp_session.bfd_key_id) bfd_session_up(self) for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.vpp_session.deactivate_auth(delayed=True) for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.test_session.bfd_key_id = None self.test_session.sha1_key = None self.test_session.send_packet() for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.assert_equal(self.vpp_session.state, BFDState.up, BFDState) self.assert_equal(len(self.vapi.collect_events()), 0, "number of bfd events") def test_auth_change_key_delayed(self): """ change auth key without disturbing session state (delayed) """ key1 = self.factory.create_random_key(self) key1.add_vpp_config() key2 = self.factory.create_random_key(self) key2.add_vpp_config() self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key1) self.vpp_session.add_vpp_config() self.vpp_session.admin_up() self.test_session = BFDTestSession( self, self.pg0, AF_INET, sha1_key=key1, bfd_key_id=self.vpp_session.bfd_key_id) bfd_session_up(self) for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.vpp_session.activate_auth(key2, delayed=True) for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.test_session.bfd_key_id = self.vpp_session.bfd_key_id self.test_session.sha1_key = key2 self.test_session.send_packet() for dummy in range(self.test_session.detect_mult * 2): p = wait_for_bfd_packet(self) self.assert_equal(p[BFD].state, BFDState.up, BFDState) self.test_session.send_packet() self.assert_equal(self.vpp_session.state, BFDState.up, BFDState) self.assert_equal(len(self.vapi.collect_events()), 0, "number of bfd events") @unittest.skipUnless(running_extended_tests, "part of extended tests") class BFDCLITestCase(VppTestCase): """Bidirectional Forwarding Detection (BFD) (CLI) """ pg0 = None @classmethod def setUpClass(cls): super(BFDCLITestCase, cls).setUpClass() cls.vapi.cli("set log class bfd level debug") try: cls.create_pg_interfaces((0,)) cls.pg0.config_ip4() cls.pg0.config_ip6() cls.pg0.resolve_arp() cls.pg0.resolve_ndp() except Exception: super(BFDCLITestCase, cls).tearDownClass() raise @classmethod def tearDownClass(cls): super(BFDCLITestCase, cls).tearDownClass() def setUp(self): super(BFDCLITestCase, self).setUp() self.factory = AuthKeyFactory() self.pg0.enable_capture() def tearDown(self): try: self.vapi.want_bfd_events(enable_disable=0) except UnexpectedApiReturnValueError: # some tests aren't subscribed, so this is not an issue pass self.vapi.collect_events() # clear the event queue super(BFDCLITestCase, self).tearDown() def cli_verify_no_response(self, cli): """ execute a CLI, asserting that the response is empty """ self.assert_equal(self.vapi.cli(cli), b"", "CLI command response") def cli_verify_response(self, cli, expected): """ execute a CLI, asserting that the response matches expectation """ self.assert_equal(self.vapi.cli(cli).strip(), expected, "CLI command response") def test_show(self): """ show commands """ k1 = self.factory.create_random_key(self) k1.add_vpp_config() k2 = self.factory.create_random_key( self, auth_type=BFDAuthType.meticulous_keyed_sha1) k2.add_vpp_config() s1 = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4) s1.add_vpp_config() s2 = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip6, af=AF_INET6, sha1_key=k2) s2.add_vpp_config() self.logger.info(self.vapi.ppcli("show bfd keys")) self.logger.info(self.vapi.ppcli("show bfd sessions")) self.logger.info(self.vapi.ppcli("show bfd")) def test_set_del_sha1_key(self): """ set/delete SHA1 auth key """ k = self.factory.create_random_key(self) self.registry.register(k, self.logger) self.cli_verify_no_response( "bfd key set conf-key-id %s type keyed-sha1 secret %s" % (k.conf_key_id, "".join("{:02x}".format(scapy.compat.orb(c)) for c in k.key))) self.assertTrue(k.query_vpp_config()) self.vpp_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip4, sha1_key=k) self.vpp_session.add_vpp_config() self.test_session = \ BFDTestSession(self, self.pg0, AF_INET, sha1_key=k, bfd_key_id=self.vpp_session.bfd_key_id) self.vapi.want_bfd_events() bfd_session_up(self) bfd_session_down(self) # try to replace the secret for the key - should fail because the key # is in-use k2 = self.factory.create_random_key(self) self.cli_verify_response( "bfd key set conf-key-id %s type keyed-sha1 secret %s" % (k.conf_key_id, "".join("{:02x}".format(scapy.compat.orb(c)) for c in k2.key)), "bfd key set: `bfd_auth_set_key' API call failed, " "rv=-103:BFD object in use") # manipulating the session using old secret should still work bfd_session_up(self) bfd_session_down(self) self.vpp_session.remove_vpp_config() self.cli_verify_no_response( "bfd key del conf-key-id %s" % k.conf_key_id) self.assertFalse(k.query_vpp_config()) def test_set_del_meticulous_sha1_key(self): """ set/delete meticulous SHA1 auth key """ k = self.factory.create_random_key( self, auth_type=BFDAuthType.meticulous_keyed_sha1) self.registry.register(k, self.logger) self.cli_verify_no_response( "bfd key set conf-key-id %s type meticulous-keyed-sha1 secret %s" % (k.conf_key_id, "".join("{:02x}".format(scapy.compat.orb(c)) for c in k.key))) self.assertTrue(k.query_vpp_config()) self.vpp_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip6, af=AF_INET6, sha1_key=k) self.vpp_session.add_vpp_config() self.vpp_session.admin_up() self.test_session = \ BFDTestSession(self, self.pg0, AF_INET6, sha1_key=k, bfd_key_id=self.vpp_session.bfd_key_id) self.vapi.want_bfd_events() bfd_session_up(self) bfd_session_down(self) # try to replace the secret for the key - should fail because the key # is in-use k2 = self.factory.create_random_key(self) self.cli_verify_response( "bfd key set conf-key-id %s type keyed-sha1 secret %s" % (k.conf_key_id, "".join("{:02x}".format(scapy.compat.orb(c)) for c in k2.key)), "bfd key set: `bfd_auth_set_key' API call failed, " "rv=-103:BFD object in use") # manipulating the session using old secret should still work bfd_session_up(self) bfd_session_down(self) self.vpp_session.remove_vpp_config() self.cli_verify_no_response( "bfd key del conf-key-id %s" % k.conf_key_id) self.assertFalse(k.query_vpp_config()) def test_add_mod_del_bfd_udp(self): """ create/modify/delete IPv4 BFD UDP session """ vpp_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip4) self.registry.register(vpp_session, self.logger) cli_add_cmd = "bfd udp session add interface %s local-addr %s " \ "peer-addr %s desired-min-tx %s required-min-rx %s "\ "detect-mult %s" % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4, vpp_session.desired_min_tx, vpp_session.required_min_rx, vpp_session.detect_mult) self.cli_verify_no_response(cli_add_cmd) # 2nd add should fail self.cli_verify_response( cli_add_cmd, "bfd udp session add: `bfd_add_add_session' API call" " failed, rv=-101:Duplicate BFD object") verify_bfd_session_config(self, vpp_session) mod_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip4, required_min_rx=2 * vpp_session.required_min_rx, desired_min_tx=3 * vpp_session.desired_min_tx, detect_mult=4 * vpp_session.detect_mult) self.cli_verify_no_response( "bfd udp session mod interface %s local-addr %s peer-addr %s " "desired-min-tx %s required-min-rx %s detect-mult %s" % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4, mod_session.desired_min_tx, mod_session.required_min_rx, mod_session.detect_mult)) verify_bfd_session_config(self, mod_session) cli_del_cmd = "bfd udp session del interface %s local-addr %s "\ "peer-addr %s" % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4) self.cli_verify_no_response(cli_del_cmd) # 2nd del is expected to fail self.cli_verify_response( cli_del_cmd, "bfd udp session del: `bfd_udp_del_session' API call" " failed, rv=-102:No such BFD object") self.assertFalse(vpp_session.query_vpp_config()) def test_add_mod_del_bfd_udp6(self): """ create/modify/delete IPv6 BFD UDP session """ vpp_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip6, af=AF_INET6) self.registry.register(vpp_session, self.logger) cli_add_cmd = "bfd udp session add interface %s local-addr %s " \ "peer-addr %s desired-min-tx %s required-min-rx %s "\ "detect-mult %s" % (self.pg0.name, self.pg0.local_ip6, self.pg0.remote_ip6, vpp_session.desired_min_tx, vpp_session.required_min_rx, vpp_session.detect_mult) self.cli_verify_no_response(cli_add_cmd) # 2nd add should fail self.cli_verify_response( cli_add_cmd, "bfd udp session add: `bfd_add_add_session' API call" " failed, rv=-101:Duplicate BFD object") verify_bfd_session_config(self, vpp_session) mod_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip6, af=AF_INET6, required_min_rx=2 * vpp_session.required_min_rx, desired_min_tx=3 * vpp_session.desired_min_tx, detect_mult=4 * vpp_session.detect_mult) self.cli_verify_no_response( "bfd udp session mod interface %s local-addr %s peer-addr %s " "desired-min-tx %s required-min-rx %s detect-mult %s" % (self.pg0.name, self.pg0.local_ip6, self.pg0.remote_ip6, mod_session.desired_min_tx, mod_session.required_min_rx, mod_session.detect_mult)) verify_bfd_session_config(self, mod_session) cli_del_cmd = "bfd udp session del interface %s local-addr %s "\ "peer-addr %s" % (self.pg0.name, self.pg0.local_ip6, self.pg0.remote_ip6) self.cli_verify_no_response(cli_del_cmd) # 2nd del is expected to fail self.cli_verify_response( cli_del_cmd, "bfd udp session del: `bfd_udp_del_session' API call" " failed, rv=-102:No such BFD object") self.assertFalse(vpp_session.query_vpp_config()) def test_add_mod_del_bfd_udp_auth(self): """ create/modify/delete IPv4 BFD UDP session (authenticated) """ key = self.factory.create_random_key(self) key.add_vpp_config() vpp_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip4, sha1_key=key) self.registry.register(vpp_session, self.logger) cli_add_cmd = "bfd udp session add interface %s local-addr %s " \ "peer-addr %s desired-min-tx %s required-min-rx %s "\ "detect-mult %s conf-key-id %s bfd-key-id %s"\ % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4, vpp_session.desired_min_tx, vpp_session.required_min_rx, vpp_session.detect_mult, key.conf_key_id, vpp_session.bfd_key_id) self.cli_verify_no_response(cli_add_cmd) # 2nd add should fail self.cli_verify_response( cli_add_cmd, "bfd udp session add: `bfd_add_add_session' API call" " failed, rv=-101:Duplicate BFD object") verify_bfd_session_config(self, vpp_session) mod_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip4, sha1_key=key, bfd_key_id=vpp_session.bfd_key_id, required_min_rx=2 * vpp_session.required_min_rx, desired_min_tx=3 * vpp_session.desired_min_tx, detect_mult=4 * vpp_session.detect_mult) self.cli_verify_no_response( "bfd udp session mod interface %s local-addr %s peer-addr %s " "desired-min-tx %s required-min-rx %s detect-mult %s" % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4, mod_session.desired_min_tx, mod_session.required_min_rx, mod_session.detect_mult)) verify_bfd_session_config(self, mod_session) cli_del_cmd = "bfd udp session del interface %s local-addr %s "\ "peer-addr %s" % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4) self.cli_verify_no_response(cli_del_cmd) # 2nd del is expected to fail self.cli_verify_response( cli_del_cmd, "bfd udp session del: `bfd_udp_del_session' API call" " failed, rv=-102:No such BFD object") self.assertFalse(vpp_session.query_vpp_config()) def test_add_mod_del_bfd_udp6_auth(self): """ create/modify/delete IPv6 BFD UDP session (authenticated) """ key = self.factory.create_random_key( self, auth_type=BFDAuthType.meticulous_keyed_sha1) key.add_vpp_config() vpp_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip6, af=AF_INET6, sha1_key=key) self.registry.register(vpp_session, self.logger) cli_add_cmd = "bfd udp session add interface %s local-addr %s " \ "peer-addr %s desired-min-tx %s required-min-rx %s "\ "detect-mult %s conf-key-id %s bfd-key-id %s" \ % (self.pg0.name, self.pg0.local_ip6, self.pg0.remote_ip6, vpp_session.desired_min_tx, vpp_session.required_min_rx, vpp_session.detect_mult, key.conf_key_id, vpp_session.bfd_key_id) self.cli_verify_no_response(cli_add_cmd) # 2nd add should fail self.cli_verify_response( cli_add_cmd, "bfd udp session add: `bfd_add_add_session' API call" " failed, rv=-101:Duplicate BFD object") verify_bfd_session_config(self, vpp_session) mod_session = VppBFDUDPSession( self, self.pg0, self.pg0.remote_ip6, af=AF_INET6, sha1_key=key, bfd_key_id=vpp_session.bfd_key_id, required_min_rx=2 * vpp_session.required_min_rx, desired_min_tx=3 * vpp_session.desired_min_tx, detect_mult=4 * vpp_session.detect_mult) self.cli_verify_no_response( "bfd udp session mod interface %s local-addr %s peer-addr %s " "desired-min-tx %s required-min-rx %s detect-mult %s" % (self.pg0.name, self.pg0.local_ip6, self.pg0.remote_ip6, mod_session.desired_min_tx, mod_session.required_min_rx, mod_session.detect_mult)) verify_bfd_session_config(self, mod_session) cli_del_cmd = "bfd udp session del interface %s local-addr %s "\ "peer-addr %s" % (self.pg0.name, self.pg0.local_ip6, self.pg0.remote_ip6) self.cli_verify_no_response(cli_del_cmd) # 2nd del is expected to fail self.cli_verify_response( cli_del_cmd, "bfd udp session del: `bfd_udp_del_session' API call" " failed, rv=-102:No such BFD object") self.assertFalse(vpp_session.query_vpp_config()) def test_auth_on_off(self): """ turn authentication on and off """ key = self.factory.create_random_key( self, auth_type=BFDAuthType.meticulous_keyed_sha1) key.add_vpp_config() session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4) auth_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key) session.add_vpp_config() cli_activate = \ "bfd udp session auth activate interface %s local-addr %s "\ "peer-addr %s conf-key-id %s bfd-key-id %s"\ % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4, key.conf_key_id, auth_session.bfd_key_id) self.cli_verify_no_response(cli_activate) verify_bfd_session_config(self, auth_session) self.cli_verify_no_response(cli_activate) verify_bfd_session_config(self, auth_session) cli_deactivate = \ "bfd udp session auth deactivate interface %s local-addr %s "\ "peer-addr %s "\ % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4) self.cli_verify_no_response(cli_deactivate) verify_bfd_session_config(self, session) self.cli_verify_no_response(cli_deactivate) verify_bfd_session_config(self, session) def test_auth_on_off_delayed(self): """ turn authentication on and off (delayed) """ key = self.factory.create_random_key( self, auth_type=BFDAuthType.meticulous_keyed_sha1) key.add_vpp_config() session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4) auth_session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4, sha1_key=key) session.add_vpp_config() cli_activate = \ "bfd udp session auth activate interface %s local-addr %s "\ "peer-addr %s conf-key-id %s bfd-key-id %s delayed yes"\ % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4, key.conf_key_id, auth_session.bfd_key_id) self.cli_verify_no_response(cli_activate) verify_bfd_session_config(self, auth_session) self.cli_verify_no_response(cli_activate) verify_bfd_session_config(self, auth_session) cli_deactivate = \ "bfd udp session auth deactivate interface %s local-addr %s "\ "peer-addr %s delayed yes"\ % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4) self.cli_verify_no_response(cli_deactivate) verify_bfd_session_config(self, session) self.cli_verify_no_response(cli_deactivate) verify_bfd_session_config(self, session) def test_admin_up_down(self): """ put session admin-up and admin-down """ session = VppBFDUDPSession(self, self.pg0, self.pg0.remote_ip4) session.add_vpp_config() cli_down = \ "bfd udp session set-flags admin down interface %s local-addr %s "\ "peer-addr %s "\ % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4) cli_up = \ "bfd udp session set-flags admin up interface %s local-addr %s "\ "peer-addr %s "\ % (self.pg0.name, self.pg0.local_ip4, self.pg0.remote_ip4) self.cli_verify_no_response(cli_down) verify_bfd_session_config(self, session, state=BFDState.admin_down) self.cli_verify_no_response(cli_up) verify_bfd_session_config(self, session, state=BFDState.down) def test_set_del_udp_echo_source(self): """ set/del udp echo source """ self.create_loopback_interfaces(1) self.loopback0 = self.lo_interfaces[0] self.loopback0.admin_up() self.cli_verify_response("show bfd echo-source", "UDP echo source is not set.") cli_set = "bfd udp echo-source set interface %s" % self.loopback0.name self.cli_verify_no_response(cli_set) self.cli_verify_response("show bfd echo-source", "UDP echo source is: %s\n" "IPv4 address usable as echo source: none\n" "IPv6 address usable as echo source: none" % self.loopback0.name) self.loopback0.config_ip4() unpacked = unpack("!L", self.loopback0.local_ip4n) echo_ip4 = inet_ntop(AF_INET, pack("!L", unpacked[0] ^ 1)) self.cli_verify_response("show bfd echo-source", "UDP echo source is: %s\n" "IPv4 address usable as echo source: %s\n" "IPv6 address usable as echo source: none" % (self.loopback0.name, echo_ip4)) unpacked = unpack("!LLLL", self.loopback0.local_ip6n) echo_ip6 = inet_ntop(AF_INET6, pack("!LLLL", unpacked[0], unpacked[1], unpacked[2], unpacked[3] ^ 1)) self.loopback0.config_ip6() self.cli_verify_response("show bfd echo-source", "UDP echo source is: %s\n" "IPv4 address usable as echo source: %s\n" "IPv6 address usable as echo source: %s" % (self.loopback0.name, echo_ip4, echo_ip6)) cli_del = "bfd udp echo-source del" self.cli_verify_no_response(cli_del) self.cli_verify_response("show bfd echo-source", "UDP echo source is not set.") if __name__ == '__main__': unittest.main(testRunner=VppTestRunner)